Solved

ISA replacement

Posted on 2014-10-29
Last Modified: 2014-11-13
Does anyone have a recommendation for a replacement of MS ISA server? Need reverse proxy functionality. Cheers
Question by:bozo1701
5 Comments
 
LVL 37

Assisted Solution

by:Jian An Lim
Jian An Lim earned 125 total points
ID: 40412723
Depends on your size.
TMG is the last version of the reverse proxy for the Microsoft suite, and they are not going to develop their product further.

Outside Microsoft you have plenty of choice, depending on the size of your company.
You can choose software or an appliance.

For example, but not limited to:

Bluecoat

https://www.bluecoat.com/products/web-application-reverse-proxy

Squid
http://wiki.squid-cache.org/SquidFaq/ReverseProxy
0
 
LVL 63

Accepted Solution

by:btan
btan earned 250 total points
ID: 40412766
You can actually check on application delivery controllers such as F5 Networks and Citrix. The MS direct replacement is TMG/UAG, but TMG is going end of life in 2020, and some of its features will not be supported, as
...there are some features that will suffer from degraded functionality beginning in 2016. Microsoft has announced that it will cease to support the URL Reputation Services (URS) that TMG relies on for web site categorization on December 31, 2015. Also, Microsoft will no longer produce anti-malware and Network Inspection System (NIS) signature updates past this date (although they will continue to function, albeit with outdated signature files).
Having said that, there are other providers supporting TMG, such as Celestix MSA. http://www.celestix.com/best-forefront-tmg-2010-replacement-forefront-tmg-2010/

Forefront UAG can be used to publish internal servers via a Web portal or directly (similar to Forefront TMG). For website and VPN replacement use Direct Access, but do note that Direct Access is not a replacement for VPN in a few scenarios, e.g. VPN for external workers who shouldn't access all services as the company's workers do. Of course we can implement several Direct Access implementations in one company, but external workers are then forced to have desktops in the company's domain.

F5 Networks
http://www.f5.com/pdf/white-papers/microsoft-threat-management-gateway-alternatives-white-paper.pdf

NetScaler
http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/netscaler-a-comprehensive-replacement-for-microsoft-forefront-threat-management-gateway.pdf

Also of interest, for comparing Forefront UAG with TMG: http://www.isaserver.org/articles-tutorials/general/Should-replace-TMG-firewalls-with-UAG.html
To see the key differences between TMG and UAG, take a brief look at a few remote access features and how they differ (or don’t):

Application Intelligence and Publishing (UAG is better than TMG in most areas)
End Point Security (UAG is better than TMG in most areas)
SSL Tunneling (UAG is better than TMG in most areas)
Information Leakage Prevention (UAG is better than TMG in most areas)
Robust Authentication Support (KCD, ADFS, OTP) (UAG is more flexible)
Windows Server 2008, Native 64-Bit (same for both)
Product Certification (Common Criteria) (same for both)
NAP Integration (same for both)
Terminal Services Gateway Integration (easier to set up with UAG)
Web Farm Load Balancing (easier to set up with TMG)
Array Management (TMG more robust)
Enhanced Management and Monitoring (MOM Pack) (same for both)
Enhanced Mobile Solutions (UAG is better in most scenarios)
New and Customizable User Portal (N/A for TMG)
Wizard Driven Configuration (same for both)
0
 
LVL 63

Assisted Solution

by:btan
btan earned 250 total points
ID: 40412822
There is also Sophos UTM as a TMG replacement from a UTM perspective, if it is a single proxy. It may be optimal from a management perspective, but the roles and access control have to be thought through to ensure least privilege for such a setup in one box.

http://www.isaserver.org/articles-tutorials/general/life-after-tmg-considering-sophos-utm-tmg-replacement-part1.html

One of the things that people really like about TMG is its application layer filtering, which allows you to control specific applications. Sophos UTM provides excellent visibility into the applications that are being used on your network and allows you to control access to them. You monitor Internet connections that are going through the firewall and you can see what’s happening as it happens, and set policies based on what you observe. You can also perform bandwidth shaping to give priority to certain business-critical applications.
0
 
LVL 40

Assisted Solution

by:noci
noci earned 125 total points
ID: 40412834
You can also build up a plain Unix/Linux box and use NGINX as a reverse proxy.
That would be the closest I can think of to getting to an ISA, including support for WebSockets etc.
Squid will miss out on that kind of processing.
0
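
A minimal NGINX reverse-proxy configuration of the kind suggested in the comment above, added here as an example and not posted by any participant in the thread. The hostname, certificate paths and backend address are placeholders, and the file is assumed to be included inside the `http` context.

```nginx
# Added example: publish one internal web application through NGINX,
# roughly what an ISA/TMG web publishing rule did. Hostname, certificate
# paths and the backend address are placeholders.

# Send "Connection: upgrade" only when the client asked for an upgrade
# (WebSocket handshake); otherwise close the upstream connection.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Catch-all: drop plain-HTTP requests whose Host matches no published site.
server {
    listen 80 default_server;
    return 444;
}

# Redirect plain HTTP for the published name to HTTPS.
server {
    listen 80;
    server_name app.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name app.example.com;

    ssl_certificate     /etc/nginx/tls/app.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/app.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://10.0.0.10:8080;   # internal server (placeholder)

        # Tell the backend who the real client is and how it connected.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support: HTTP/1.1 plus the hop-by-hop upgrade headers.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
```

Only the named host is published; everything else on port 80 is dropped, and the backend is reachable from outside only through the proxy if the firewall blocks direct access to it.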
 

Author Closing Comment

by:bozo1701
ID: 40440901
Thanks all for your suggestions. They are all a potential replacement, it seems. Looks like we will go with the F5 solution - expensive but solid.
0
